Search criteria
11 vulnerabilities found for Packetbeat by Elastic
CVE-2026-0529 (GCVE-0-2026-0529)
Vulnerability from nvd – Published: 2026-01-14 10:09 – Updated: 2026-01-14 16:31
VLAI?
Title
Improper Validation of Array Index in Packetbeat Leading to Overflow Buffers
Summary
Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.
Severity ?
6.5 (Medium)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Packetbeat |
Affected:
7.0.0 , ≤ 7.17.29
(semver)
Affected: 8.0.0 , ≤ 8.19.9 (semver) Affected: 9.0.0 , ≤ 9.1.9 (semver) Affected: 9.2.0 , ≤ 9.2.3 (semver) |
Credits
AISLE Research
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T16:22:50.115810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T16:31:01.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Packetbeat",
"vendor": "Elastic",
"versions": [
{
"lessThanOrEqual": "7.17.29",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.19.9",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.9",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.3",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AISLE Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Validation of Array Index (CWE-129) in Packetbeat\u2019s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.\u003c/p\u003e"
}
],
"value": "Improper Validation of Array Index (CWE-129) in Packetbeat\u2019s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T10:09:02.462Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/packetbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-02/384520"
}
],
"source": {
"discovery": "Elastic"
},
"title": "Improper Validation of Array Index in Packetbeat Leading to Overflow Buffers",
"x_generator": {
"engine": "Elastic CVE Publisher 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2026-0529",
"datePublished": "2026-01-14T10:09:02.462Z",
"dateReserved": "2025-12-19T15:43:38.402Z",
"dateUpdated": "2026-01-14T16:31:01.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68388 (GCVE-0-2025-68388)
Vulnerability from nvd – Published: 2025-12-18 21:33 – Updated: 2025-12-19 11:46
VLAI?
Summary
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.
Severity ?
5.3 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Packetbeat |
Affected:
8.6.0 , ≤ 8.19.8
(semver)
Affected: 9.0.0 , ≤ 9.1.8 (semver) Affected: 9.2.0 , ≤ 9.2.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T21:48:37.879540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:48:49.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Packetbeat",
"vendor": "Elastic",
"versions": [
{
"lessThanOrEqual": "8.19.8",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.2",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAllocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.\u003c/p\u003e"
}
],
"value": "Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T11:46:39.524Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-29/384177"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2025-68388",
"datePublished": "2025-12-18T21:33:50.796Z",
"dateReserved": "2025-12-16T19:18:49.563Z",
"dateUpdated": "2025-12-19T11:46:39.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68382 (GCVE-0-2025-68382)
Vulnerability from nvd – Published: 2025-12-18 21:56 – Updated: 2025-12-19 15:14
VLAI?
Title
Packetbeat Out-of-bounds Read
Summary
Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.
Severity ?
6.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Packetbeat |
Affected:
7.0.0 , ≤ 7.17.29
(semver)
Affected: 8.0.0 , ≤ 8.19.8 (semver) Affected: 9.0.0 , ≤ 9.1.8 (semver) Affected: 9.2.0 , ≤ 9.2.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T15:14:05.716968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:14:16.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Packetbeat",
"vendor": "Elastic",
"versions": [
{
"lessThanOrEqual": "7.17.29",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.19.8",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.2",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOut-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.\u003c/p\u003e"
}
],
"value": "Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:56:03.352Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-31/384179"
}
],
"source": {
"discovery": "Elastic"
},
"title": "Packetbeat Out-of-bounds Read",
"x_generator": {
"engine": "Elastic CVE Publisher 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2025-68382",
"datePublished": "2025-12-18T21:56:03.352Z",
"dateReserved": "2025-12-16T17:26:09.355Z",
"dateUpdated": "2025-12-19T15:14:16.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68381 (GCVE-0-2025-68381)
Vulnerability from nvd – Published: 2025-12-18 21:51 – Updated: 2025-12-18 22:03
VLAI?
Title
Packetbeat Improper Bounds Check
Summary
Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number.
Severity ?
6.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Packetbeat |
Affected:
7.0.0 , ≤ 7.17.29
(semver)
Affected: 8.0.0 , ≤ 8.19.8 (semver) Affected: 9.0.0 , ≤ 9.1.8 (semver) Affected: 9.2.0 , ≤ 9.2.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T22:02:58.564156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T22:03:05.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Packetbeat",
"vendor": "Elastic",
"versions": [
{
"lessThanOrEqual": "7.17.29",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.19.8",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.2",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number.\u003c/p\u003e"
}
],
"value": "Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:51:36.263Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-30/384178"
}
],
"source": {
"discovery": "Elastic"
},
"title": "Packetbeat Improper Bounds Check",
"x_generator": {
"engine": "Elastic CVE Publisher 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2025-68381",
"datePublished": "2025-12-18T21:51:36.263Z",
"dateReserved": "2025-12-16T17:26:09.355Z",
"dateUpdated": "2025-12-18T22:03:05.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-11480 (GCVE-0-2017-11480)
Vulnerability from nvd – Published: 2017-12-08 18:00 – Updated: 2024-08-05 18:12
VLAI?
Summary
Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic.
Severity ?
No CVSS data available.
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Packetbeat |
Affected:
before 5.6.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:39.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Packetbeat",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.6.4"
}
]
}
],
"datePublic": "2017-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404: Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-08T17:57:01.000Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2017-11480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Packetbeat",
"version": {
"version_data": [
{
"version_value": "before 5.6.4"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404: Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2017-11480",
"datePublished": "2017-12-08T18:00:00.000Z",
"dateReserved": "2017-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:12:39.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-0529 (GCVE-0-2026-0529)
Vulnerability from cvelistv5 – Published: 2026-01-14 10:09 – Updated: 2026-01-14 16:31
VLAI?
Title
Improper Validation of Array Index in Packetbeat Leading to Overflow Buffers
Summary
Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.
Severity ?
6.5 (Medium)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Packetbeat |
Affected:
7.0.0 , ≤ 7.17.29
(semver)
Affected: 8.0.0 , ≤ 8.19.9 (semver) Affected: 9.0.0 , ≤ 9.1.9 (semver) Affected: 9.2.0 , ≤ 9.2.3 (semver) |
Credits
AISLE Research
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T16:22:50.115810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T16:31:01.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Packetbeat",
"vendor": "Elastic",
"versions": [
{
"lessThanOrEqual": "7.17.29",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.19.9",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.9",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.3",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AISLE Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Validation of Array Index (CWE-129) in Packetbeat\u2019s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled.\u003c/p\u003e"
}
],
"value": "Improper Validation of Array Index (CWE-129) in Packetbeat\u2019s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol parsing is enabled."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T10:09:02.462Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/packetbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-02/384520"
}
],
"source": {
"discovery": "Elastic"
},
"title": "Improper Validation of Array Index in Packetbeat Leading to Overflow Buffers",
"x_generator": {
"engine": "Elastic CVE Publisher 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2026-0529",
"datePublished": "2026-01-14T10:09:02.462Z",
"dateReserved": "2025-12-19T15:43:38.402Z",
"dateUpdated": "2026-01-14T16:31:01.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68382 (GCVE-0-2025-68382)
Vulnerability from cvelistv5 – Published: 2025-12-18 21:56 – Updated: 2025-12-19 15:14
VLAI?
Title
Packetbeat Out-of-bounds Read
Summary
Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.
Severity ?
6.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Packetbeat |
Affected:
7.0.0 , ≤ 7.17.29
(semver)
Affected: 8.0.0 , ≤ 8.19.8 (semver) Affected: 9.0.0 , ≤ 9.1.8 (semver) Affected: 9.2.0 , ≤ 9.2.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T15:14:05.716968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:14:16.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Packetbeat",
"vendor": "Elastic",
"versions": [
{
"lessThanOrEqual": "7.17.29",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.19.8",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.2",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOut-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.\u003c/p\u003e"
}
],
"value": "Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:56:03.352Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-31/384179"
}
],
"source": {
"discovery": "Elastic"
},
"title": "Packetbeat Out-of-bounds Read",
"x_generator": {
"engine": "Elastic CVE Publisher 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2025-68382",
"datePublished": "2025-12-18T21:56:03.352Z",
"dateReserved": "2025-12-16T17:26:09.355Z",
"dateUpdated": "2025-12-19T15:14:16.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68381 (GCVE-0-2025-68381)
Vulnerability from cvelistv5 – Published: 2025-12-18 21:51 – Updated: 2025-12-18 22:03
VLAI?
Title
Packetbeat Improper Bounds Check
Summary
Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number.
Severity ?
6.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Packetbeat |
Affected:
7.0.0 , ≤ 7.17.29
(semver)
Affected: 8.0.0 , ≤ 8.19.8 (semver) Affected: 9.0.0 , ≤ 9.1.8 (semver) Affected: 9.2.0 , ≤ 9.2.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T22:02:58.564156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T22:03:05.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Packetbeat",
"vendor": "Elastic",
"versions": [
{
"lessThanOrEqual": "7.17.29",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.19.8",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.2",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number.\u003c/p\u003e"
}
],
"value": "Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:51:36.263Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-30/384178"
}
],
"source": {
"discovery": "Elastic"
},
"title": "Packetbeat Improper Bounds Check",
"x_generator": {
"engine": "Elastic CVE Publisher 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2025-68381",
"datePublished": "2025-12-18T21:51:36.263Z",
"dateReserved": "2025-12-16T17:26:09.355Z",
"dateUpdated": "2025-12-18T22:03:05.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68388 (GCVE-0-2025-68388)
Vulnerability from cvelistv5 – Published: 2025-12-18 21:33 – Updated: 2025-12-19 11:46
VLAI?
Summary
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.
Severity ?
5.3 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Packetbeat |
Affected:
8.6.0 , ≤ 8.19.8
(semver)
Affected: 9.0.0 , ≤ 9.1.8 (semver) Affected: 9.2.0 , ≤ 9.2.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T21:48:37.879540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:48:49.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Packetbeat",
"vendor": "Elastic",
"versions": [
{
"lessThanOrEqual": "8.19.8",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.2",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAllocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.\u003c/p\u003e"
}
],
"value": "Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T11:46:39.524Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-29/384177"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2025-68388",
"datePublished": "2025-12-18T21:33:50.796Z",
"dateReserved": "2025-12-16T19:18:49.563Z",
"dateUpdated": "2025-12-19T11:46:39.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-11480 (GCVE-0-2017-11480)
Vulnerability from cvelistv5 – Published: 2017-12-08 18:00 – Updated: 2024-08-05 18:12
VLAI?
Summary
Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic.
Severity ?
No CVSS data available.
CWE
- CWE-404 - Improper Resource Shutdown or Release
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Packetbeat |
Affected:
before 5.6.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:39.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Packetbeat",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 5.6.4"
}
]
}
],
"datePublic": "2017-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404: Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-08T17:57:01.000Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2017-11480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Packetbeat",
"version": {
"version_data": [
{
"version_value": "before 5.6.4"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404: Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2017-11480",
"datePublished": "2017-12-08T18:00:00.000Z",
"dateReserved": "2017-07-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:12:39.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2026-AVI-0041
Vulnerability from certfr_avis - Published: 2026-01-14 - Updated: 2026-01-14
De multiples vulnérabilités ont été découvertes dans les produits Elastic. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une falsification de requêtes côté serveur (SSRF).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Elastic | Packetbeat | Packetbeat versions 9.2.x antérieures à 9.2.4 | ||
| Elastic | Packetbeat | Packetbeat toutes versions 7.x | ||
| Elastic | Packetbeat | Packetbeat versions 8.19.x antérieures à 8.19.10 | ||
| Elastic | Packetbeat | Packetbeat versions 9.x antérieures à 9.1.10 | ||
| Elastic | Metricbeat | Metricbeat toutes versions 7.x | ||
| Elastic | Metricbeat | Metricbeat versions 8.19.x antérieures à 8.19.10 | ||
| Elastic | Elasticsearch | Elasticsearch versions 9.2.x antérieures à 9.2.4 | ||
| Elastic | Metricbeat | Metricbeat versions 9.x antérieures à 9.1.10 | ||
| Elastic | Elasticsearch | Elasticsearch toutes versions 7.x | ||
| Elastic | Elasticsearch | Elasticsearch versions 9.x antérieures à 9.1.10 | ||
| Elastic | Elasticsearch | Elasticsearch versions 8.19.x antérieures à 8.19.10 | ||
| Elastic | Metricbeat | Metricbeat versions 9.2.x antérieures à 9.2.4 | ||
| Elastic | Kibana | Kibana versions 8.19.x antérieures à 8.19.10 | ||
| Elastic | Kibana | Kibana toutes versions 7.x | ||
| Elastic | Kibana | Kibana versions 9.2.x antérieures à 9.2.4 | ||
| Elastic | Kibana | Kibana versions 9.x antérieures à 9.1.10 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Packetbeat versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
"product": {
"name": "Packetbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Packetbeat toutes versions 7.x",
"product": {
"name": "Packetbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Packetbeat versions 8.19.x ant\u00e9rieures \u00e0 8.19.10",
"product": {
"name": "Packetbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Packetbeat versions 9.x ant\u00e9rieures \u00e0 9.1.10",
"product": {
"name": "Packetbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Metricbeat toutes versions 7.x",
"product": {
"name": "Metricbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Metricbeat versions 8.19.x ant\u00e9rieures \u00e0 8.19.10",
"product": {
"name": "Metricbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elasticsearch versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Metricbeat versions 9.x ant\u00e9rieures \u00e0 9.1.10",
"product": {
"name": "Metricbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elasticsearch toutes versions 7.x",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elasticsearch versions 9.x ant\u00e9rieures \u00e0 9.1.10",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Elasticsearch versions 8.19.x ant\u00e9rieures \u00e0 8.19.10",
"product": {
"name": "Elasticsearch",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Metricbeat versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
"product": {
"name": "Metricbeat",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 8.19.x ant\u00e9rieures \u00e0 8.19.10",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana toutes versions 7.x",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
},
{
"description": "Kibana versions 9.x ant\u00e9rieures \u00e0 9.1.10",
"product": {
"name": "Kibana",
"vendor": {
"name": "Elastic",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-0532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0532"
},
{
"name": "CVE-2026-0528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0528"
},
{
"name": "CVE-2026-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0530"
},
{
"name": "CVE-2026-0529",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0529"
},
{
"name": "CVE-2025-66566",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
},
{
"name": "CVE-2026-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0543"
},
{
"name": "CVE-2026-0531",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0531"
}
],
"initial_release_date": "2026-01-14T00:00:00",
"last_revision_date": "2026-01-14T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0041",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Elastic. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Elastic",
"vendor_advisories": [
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-08",
"url": "https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-08/384523"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-02",
"url": "https://discuss.elastic.co/t/packetbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-02/384520"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-01",
"url": "https://discuss.elastic.co/t/metricbeat-8-19-10-9-1-10-9-2-4-security-update-esa-2026-01/384519"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-04",
"url": "https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-04/384522"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-05",
"url": "https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-05/384524"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-07",
"url": "https://discuss.elastic.co/t/elasticsearch-8-19-10-9-1-10-9-2-4-security-update-esa-2026-07/384525"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Elastic ESA-2026-03",
"url": "https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-03/384521"
}
]
}